package auth

// Permission represents a system permission
type Permission string

const (
	// Alert permissions
	PermissionViewAlerts   Permission = "view_alerts"
	PermissionManageAlerts Permission = "manage_alerts"

	// Ticket permissions
	PermissionViewTickets   Permission = "view_tickets"
	PermissionCreateTickets Permission = "create_tickets"
	PermissionUpdateTickets Permission = "update_tickets"
	PermissionDeleteTickets Permission = "delete_tickets"

	// Knowledge Base permissions
	PermissionViewKnowledge   Permission = "view_knowledge"
	PermissionManageKnowledge Permission = "manage_knowledge"

	// User permissions
	PermissionViewUsers   Permission = "view_users"
	PermissionManageUsers Permission = "manage_users"

	// Settings permissions
	PermissionViewSettings   Permission = "view_settings"
	PermissionManageSettings Permission = "manage_settings"

	// Analytics permissions
	PermissionViewAnalytics Permission = "view_analytics"

	// System permissions
	PermissionSystemAdmin Permission = "system_admin"
)

// RolePermissions maps roles to their permissions
var RolePermissions = map[string][]Permission{
	"viewer": {
		PermissionViewAlerts,
		PermissionViewTickets,
		PermissionViewKnowledge,
		PermissionViewAnalytics,
	},
	"operator": {
		PermissionViewAlerts,
		PermissionManageAlerts,
		PermissionViewTickets,
		PermissionCreateTickets,
		PermissionUpdateTickets,
		PermissionViewKnowledge,
		PermissionViewAnalytics,
	},
	"admin": {
		PermissionViewAlerts,
		PermissionManageAlerts,
		PermissionViewTickets,
		PermissionCreateTickets,
		PermissionUpdateTickets,
		PermissionDeleteTickets,
		PermissionViewKnowledge,
		PermissionManageKnowledge,
		PermissionViewUsers,
		PermissionManageUsers,
		PermissionViewSettings,
		PermissionManageSettings,
		PermissionViewAnalytics,
	},
	"super_admin": {
		PermissionViewAlerts,
		PermissionManageAlerts,
		PermissionViewTickets,
		PermissionCreateTickets,
		PermissionUpdateTickets,
		PermissionDeleteTickets,
		PermissionViewKnowledge,
		PermissionManageKnowledge,
		PermissionViewUsers,
		PermissionManageUsers,
		PermissionViewSettings,
		PermissionManageSettings,
		PermissionViewAnalytics,
		PermissionSystemAdmin,
	},
}

// GetPermissionsForRole returns all permissions for a given role
func GetPermissionsForRole(role string) []Permission {
	permissions, ok := RolePermissions[role]
	if !ok {
		return []Permission{}
	}
	return permissions
}

// HasPermission checks if a role has a specific permission
func HasPermission(role string, permission Permission) bool {
	permissions := GetPermissionsForRole(role)
	for _, p := range permissions {
		if p == permission {
			return true
		}
	}
	return false
}
